7 Top Scams and How to Avoid Them

From robocalls to identity theft, learn how to prevent the most common scams online and off.

Americans lost more than $8.8 billion to fraud in 2022, a report from the Federal Trade Commission shows. But the problem is likely much worse than that: The 2.4 million scams reported to the FTC represent only people who formally complained about their losses. The true size of the problem is far greater—particularly among adults 65 and older, who as a group forfeit nearly $3 billion a year to scams, according to the United States Senate Special Committee on Aging.

Whether the scammers prey on insecurity or confusion, fear or greed, they figured out the psychology of their victims long ago. However, the tools they use to swindle people continue to change. “The biggest trend we’re seeing right now is COVID-19-related cyber scams,” says Sara H. Jodka, a cybersecurity attorney with the law firm Dickinson Wright. These scams range from fake fundraising efforts to phony work-at-home job offers.

It isn’t easy to keep up with the latest trends in fraud. Here’s how to identify, prevent, and report seven of the most common current scams, from identity theft to robocalls.

1. Identity Theft

Identity theft remains the most prevalent type of consumer fraud. It’s so rampant that the FTC breaks it out as its own category, even though it’s often involved in other kinds of scams. The challenge with identity theft is that it comes in dozens of forms, including credit card fraud, banking and loan fraud, and tax fraud. Put simply: Any place you provide personal or financial information, online or off, can make you vulnerable to identity theft.

Credit card fraud remains the biggest threat, and it’s on the rise. This type of scam includes goading consumers into applying for a card that doesn’t exist (if interest rates seem too good to be true, they probably are) and the increasingly common use of card skimmers at point-of-sale readers, such as the ones at gas station pumps.

“Verified credit card details can be sold for $1 or $2 each,” says Paul Katzoff, CEO of WhiteCanyon Software, a computer security firm. “There’s a whole economy of bad actors working to secure your sensitive personal information.”

Fake loan offers are also a major avenue for identity theft. Whether these are for a car, a small business, or a college education, spurious lenders are anxious to nab your Social Security number and bank details if you can be tricked into willingly handing them over. Medical identity theft, wherein a thief uses your identity to obtain medical care or prescription drugs, is also a growing concern: It can leave you with a staggering bill (and, in the case of pharmaceutical fraud, facing possible criminal charges).

How to Prevent Identity Theft

The best advice for protecting yourself remains the same as ever: Verify the identity of any person or company with whom or which you do business. Ignore telemarketing calls. Be cautious with emails—scrutinize the sender’s address before opening, and look for signs of phishing before you click on links or reply. And, most importantly, never give out your Social Security number unless you’re absolutely certain it’s necessary and the requesting party is legitimate.

2. Phishing Scams

Phishing scams (alternately known as imposter scams) involve an attacker pretending to be someone else in the hopes of convincing you to give up specific information—a credit card number, a password, your mother’s maiden name. Phishing scams are often the prelude to identity theft.

Phishing relies on the attacker gaining your trust. An email purporting to be from your bank or your utility provider may look a lot like the real thing. One especially nefarious and popular form of the attack is to email you a fake, outrageously high bill for services. When you click the link to try to figure out why the balance due is so high, in your panic you fail to notice the signs that it isn’t real, including any misspelled words, broken images, or suspicious email addresses or links. By then it’s too late: You’ve already given over a password or financial information, and the hacker is off to the races.

Phishing can also take place over the phone, on social media, or in person. For example, a scammer could show up at your front door in a uniform claiming to be from your alarm company and looking to perform an upgrade. In reality, the person is there to snag your home security system’s PIN.

How to Avoid Phishing

Email is the most common avenue for phishing attacks, so your best defenses are a strong third-party anti-spam system (from a provider such as Norton or Kaspersky) and resolute suspicion when it comes to filling out online forms. “Check your sources,” says Tom Patterson, managing director for emerging technology security at Accenture, a global IT firm. “No longer can you trust that link from your family, friends, or co-workers with important-sounding names and impressive-looking logos.” Some paid antivirus programs also include web browser protections that can help detect whether a site is legitimate.

On the phone, if you pick up a call from someone who sounds suspicious or is requesting personal data, take down their information—name, affiliation, reason for calling, and number—and ask to call them back. You can look up the number online to ensure the caller is legitimate and that the number provided is correct before proceeding. Never share information over the phone unless you have called the company directly. Companies should never call and ask for your credit card information or personal details.


3. Ransomware

Have you ever had a message pop up on your computer screen warning you that your system has been hacked—and the only way to fix it is to send money (often bitcoin) to a certain account? This is an increasingly popular scam known as ransomware, wherein an attacker holds your system ransom until you pay up. In some cases, your files have been encrypted, and you’ll have to buy a key code to unlock them.

The first thing to know is that, in many cases, ransomware attacks are bogus. The pop-up message claiming that your system has been hacked may simply be a virulent advertisement. Nothing has actually been done to your device; however, the pop-up is still a sign of a possible malware infection and should be dealt with quickly. Running a simple anti-malware application such as Malwarebytes can often clear this up.

If you’ve genuinely been attacked and your files have been encrypted, experts are divided on whether you should pay the ransom. One expert estimates that criminals come through with the key 70 percent of the time after receiving payment. However, your payment also marks you as a potential gold mine, which means they could instead request even more cash with no intention of ever freeing your files.

How to Prevent Ransomware Attacks

The best defenses? Strong anti-malware software, kept up to date, plus daily backups of your critical files. Cloud storage providers such as OneDrive and Dropbox make online backups easy and are arguably safer than using an external hard drive, which can also become infected by malware or encrypted by ransomware.

4. Phone Scams

Although internet fraud tends to get more attention, the phone is the number-one way people report being contacted by scammers, either by texting or calling, according to the FTC. Nearly half of all scams reported to the Federal Trade Commission in 2022 used phone calls and texts, and unwanted calls are the Federal Communications Commission’s top consumer complaint.

Phone scams have existed for decades, but in recent years they have evolved. No longer does a resolute criminal have to dial potential victim after victim and make a series of attempts to talk you out of your cash. Now a computer does the heavy lifting. Autodialers—the devices or programs that make robocalls—can send thousands of pre-recorded messages to victims, hoping that one or more of them sticks. The variations are endless: The IRS is investigating you. Your bank account has been seized. There’s a warrant out for your arrest. And most amusingly, your Social Security number has been suspended (which isn’t possible).

Increasingly, phone-based attacks can take the form of text messages or strange voice mails that appear after one ring or none at all. The goal, as with robocalls, is to trick you into calling them back.

How to Prevent Phone Scams

All of these attacks prey on people’s fears. They rely on people panicking and supplying bank or credit card information in a bid to quickly resolve a problem that doesn’t exist. Blocking these numbers—which are often spoofed and changed with each call—is usually ineffective, and attempting to “opt out” by telling a caller to stop or pressing a certain key on your phone as directed may mark you to receive more calls, not fewer.

The best defense is to ensure all your numbers are current on the National Do Not Call Registry and to ignore calls from any number you don’t recognize. (After all, if it’s important, they’ll leave a message.) You can also try one of the many call-blocking apps that are available.

5. Phony Prizes and Lotteries

Congratulations, you’re a winner! The prospect of getting free stuff is effective—consumers lost $302 million to these scams in 2022, the FTC report shows. How do you lose money when you’ve been promised winnings? The trick is usually that you have to pay some kind of fee to collect your prize—say, to cover taxes or shipping for that new car that’s (not) on the way.

A more modern spin on the scam involves sending you a counterfeit check for more than the amount you “won.” The scammer tells you to deposit the check and wire back the overage, because they trust you won’t try to keep the excess. Only once the wire has cleared does your bank realize the check is fake, leaving you with a deficit. In most states, you are responsible for the losses, and your account will be debited accordingly. The bottom line: Never deposit a check from someone you don’t fully trust.

How to Avoid Phony Prizes and Lotteries

To be safe, toss all junk mail unopened and install a reliable spam filter on your computer. Your bank can help advise you if a check you received is legitimate. A “cleared” check doesn’t actually mean it’s real: It can take a bank weeks to determine a check is fake. If there’s any suspicion at all, pros suggest waiting a full 30 days before drawing funds against a deposited check.

6. Travel Scams

The rise of third-party booking sites and short-term vacation rentals has inadvertently opened the door for increased criminal activity. Enterprising crooks create bogus listings on these services for homes, hotels, or airline tickets, encourage you to pay them directly, and then pocket your payment and vanish. (Sometimes consumers don’t realize they’ve been scammed until they arrive at their vacation rental or the airport.) Crooks can even spoof an entire hotel website, booking rooms and accepting payments until they’re finally caught.

Other types of travel-related scams have been around for decades, including “free” vacations that have hidden fees and misleading timeshare offers.

How to Avoid Travel Scams

Before you book your vacation, double-check details against online maps (to ensure addresses are real) and user reviews (to suss out service quality and transparency) to help confirm the legitimacy of providers. Book through a reputable travel agency or directly with the hotel, airline, or travel company.

If you book over the phone, confirm all reservations with the hotel or airline at a later date and before the start of your trip. The FTC also recommends paying with a credit card to give you more protection and the ability to dispute charges if you don’t get what you paid for.

7. Phony Charities

Everyone likes to feel as if they’re doing something good for the world, so it’s natural that scammers would invent charities to cheat people out of money through donations. These scams are especially hard to uncover because a victim gives away money willingly—and may even feel great about it after the fact.

Charity scams can crop up online (such as through fraudulent GoFundMe campaigns), via email, through social media, over the phone, or even door to door, where a personal sob story can be extremely effective.

How to Prevent Charity Fraud

Research, research, research. The Internal Revenue Service and websites like CharityWatch can help you determine whether a charity is real or not. Major disasters and health events invariably lead to a spike in phony charity activity, so be especially careful during troubled times.

How to Report Suspected Fraud

It’s easy to report a scam, whether attempted or successful, on the FTC’s website. You probably won’t see much in the way of justice, but every report to the commission helps shed light on the size and depth of the problem.

If you suffer a monetary loss or your identity is compromised, report the incident(s) to all three major credit-reporting agencies—Experian, Equifax, and TransUnion—in the form of a fraud alert. (Contacting one nets you 90 days of protection; contacting all three creates an extended alert for seven years.) You’ll need a police report not only to file this alert but also to safeguard against potential future losses. Many local police departments let you file identity theft reports online.

How to Recover from Fraud

If you’ve been the victim of a scam, you are not alone. Follow the steps in the FTC’s in-depth guide to recovery and plan how you will prevent scammers from being successful next time. 

Once you have reported the fraud to the FTC, the local police, and the credit-reporting agencies (see above), your next move should be to cancel any affected credit cards and change all passwords associated with a compromised account. If you had reused that password on any other accounts, change each of those to a new, unique password as well. 

Inform any company—banks, stores, insurers—where fraud has occurred, and keep a close eye on your credit reports and account statements for the next 12 to 18 months. If fraudulent charges continue to appear, challenge them and request a new card number.

This article was first published in May 2020 and last updated in October 2023.